Описание
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Not ApplicableVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Not ApplicableVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.2.0 (включая) до 8.2.3 (исключая)
cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.7
github
больше 3 лет назад
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
EPSS
Процентиль: 13%
0.00042
Низкий
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo